﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

namespace Project
{
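    /// <summary>
    /// Code-behind for the login page. Shows the signed-in user (or a guest greeting) in
    /// <c>lbl_user</c> and authenticates the submitted User ID and password against
    /// <c>tblUserLogin</c>.
    /// </summary>
    public partial class Default : System.Web.UI.Page
    {
        static string connectionString = ConfigurationManager.ConnectionStrings["StudentAdvisorString"].ConnectionString;

        // A login with this password is redirected to passwordReset.aspx instead of a profile page.
        // NOTE(review): presumably the initial password issued to new accounts - confirm. Any account
        // still using it can be signed in to by whoever knows this value; prefer a per-user one-time
        // password or a "must change password" flag stored in the database.
        private const string DefaultPassword = "123456";

        /// <summary>
        /// Fills the header label with the signed-in user's ID, or a guest greeting when the
        /// session holds no <c>userID</c>.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            object userId = Session["userID"];
            if (userId == null)
            {
                lbl_user.Text = "  Welcome Guest  ";
            }
            else
            {
                // Label.Text is emitted into the page without HTML encoding, so encode the stored
                // ID before display to keep markup in a user ID from being interpreted by the browser.
                lbl_user.Text = " " + HttpUtility.HtmlEncode(userId.ToString()) + " ";
            }
        }

        /// <summary>Clears the User ID and password text boxes.</summary>
        protected void btn_reset_Click(object sender, EventArgs e)
        {
            txt_userID.Text = "";
            txt_password.Text = "";
        }

        /// <summary>
        /// Verifies the submitted credentials. On success the login time is recorded in
        /// <c>userlogs</c>, <c>userID</c> and <c>userType</c> are stored in the session, and the
        /// browser is redirected to the student profile, the advisor profile, or the password
        /// reset page. On failure a message is shown in <c>lbl_loginError</c>.
        /// </summary>
        protected void btn_submit_Click(object sender, EventArgs e)
        {
            string userId = txt_userID.Text;
            string password = txt_password.Text;
            string userType;

            try
            {
                // One connection per request, disposed on every path (including exceptions).
                using (SqlConnection connection = new SqlConnection(connectionString))
                {
                    connection.Open();

                    // NOTE(review): the two distinct messages below tell an unauthenticated caller
                    // whether a User ID exists (account enumeration). A single generic
                    // "invalid user ID or password" message avoids that; left as-is because it is
                    // user-visible wording.
                    if (!UserExists(connection, userId))
                    {
                        lbl_loginError.Text = "This User ID has not registered.";
                        return;
                    }

                    userType = FindUserType(connection, userId, password);
                    if (userType == null)
                    {
                        lbl_loginError.Text = "Invalid Password.";
                        return;
                    }

                    // Recorded only after the credentials have been verified, so unauthenticated
                    // requests cannot create rows in userlogs or touch another user's login time.
                    RecordLogin(connection, userId);
                }
            }
            catch (SqlException ex)
            {
                // Keep server and query details out of the response; send them to the trace log.
                System.Diagnostics.Trace.TraceError("Login failed with a database error: " + ex);
                lbl_loginError.Text = "Login is temporarily unavailable. Please try again later.";
                return;
            }

            // NOTE(review): the session ID is not rotated at login here; consider issuing a fresh
            // session after authentication to guard against session fixation.
            Session["userID"] = userId;
            Session["userType"] = userType;

            // Redirect after the connection has been disposed.
            if (password == DefaultPassword)
            {
                Response.Redirect("passwordReset.aspx");
            }
            else if (userType == "S")
            {
                Response.Redirect("studentProfile_.aspx");
            }
            else
            {
                Response.Redirect("advisorProfile.aspx");
            }
        }

        /// <summary>Returns true when <c>tblUserLogin</c> has a row for <paramref name="userId"/>.</summary>
        private static bool UserExists(SqlConnection connection, string userId)
        {
            // The value is bound as a parameter and never concatenated into the SQL text.
            using (SqlCommand command = new SqlCommand(
                "select UserId from tblUserLogin where UserId = @userId", connection))
            {
                command.Parameters.AddWithValue("@userId", userId);
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    return reader.HasRows;
                }
            }
        }

        /// <summary>
        /// Looks up the row matching both <paramref name="userId"/> and <paramref name="password"/>.
        /// </summary>
        /// <returns>
        /// The row's <c>UserType</c> converted to a string, or null when no row matches.
        /// </returns>
        private static string FindUserType(SqlConnection connection, string userId, string password)
        {
            // NOTE(review): the password is matched against the Password column as submitted, which
            // implies it is stored in plaintext. Store a salted, slow hash (e.g. PBKDF2) and compare
            // hashes instead; that needs a schema and data migration outside this page.
            using (SqlCommand command = new SqlCommand(
                "select UserType from tblUserLogin where UserId = @userId and Password = @password", connection))
            {
                command.Parameters.AddWithValue("@userId", userId);
                command.Parameters.AddWithValue("@password", password);
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    if (!reader.Read())
                    {
                        return null;
                    }
                    return reader["UserType"].ToString();
                }
            }
        }

        /// <summary>
        /// Stamps the current database time into <c>userlogs.userlogin</c> for
        /// <paramref name="userName"/>, inserting the row if the user has none yet.
        /// </summary>
        private static void RecordLogin(SqlConnection connection, string userName)
        {
            bool alreadyLogged;
            using (SqlCommand lookup = new SqlCommand(
                "Select username from userlogs where username= @username", connection))
            {
                lookup.Parameters.AddWithValue("@username", userName);
                // ExecuteScalar returns null when the query yields no rows.
                alreadyLogged = lookup.ExecuteScalar() != null;
            }

            string sql = alreadyLogged
                ? "update userlogs set userlogin = getdate() where username = @name"
                : "insert into userlogs (username,userlogin) values (@name,GETDATE())";

            using (SqlCommand write = new SqlCommand(sql, connection))
            {
                write.Parameters.AddWithValue("@name", userName);
                write.ExecuteNonQuery();
            }
        }
    }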
}